diff --git a/.vscode/settings.json b/.vscode/settings.json
index 2c3e77b..f9f16c4 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,21 +1,24 @@
{
- "editor.formatOnSave": true,
- "editor.codeActionsOnSave": {
- "source.organizeImports": true,
- "source.generate.finalModifiers": true,
- "source.fixAll": true
- },
- "java.codeGeneration.useBlocks": true,
- "java.saveActions.organizeImports": true,
- "java.sources.organizeImports.starThreshold": 3,
- "java.sources.organizeImports.staticStarThreshold": 3,
- "java.test.config": {
- "vmArgs": [
- "-Djava.util.logging.config.file=src/test/resources/logging.properties"
- ]
- },
- "sonarlint.connectedMode.project": {
- "connectionId": "exasol",
- "projectKey": "com.exasol:parquet-io-java"
- }
-}
\ No newline at end of file
+ "editor.formatOnSave": true,
+ "editor.codeActionsOnSave": {
+ "source.organizeImports": true,
+ "source.generate.finalModifiers": true,
+ "source.fixAll": true
+ },
+ "java.codeGeneration.useBlocks": true,
+ "java.saveActions.organizeImports": true,
+ "java.sources.organizeImports.starThreshold": 3,
+ "java.sources.organizeImports.staticStarThreshold": 3,
+ "java.test.config": {
+ "vmArgs": [
+ "-Djava.util.logging.config.file=src/test/resources/logging.properties"
+ ]
+ },
+ "sonarlint.connectedMode.project": {
+ "connectionId": "exasol",
+ "projectKey": "com.exasol:parquet-io-java"
+ },
+ "files.watcherExclude": {
+ "**/target": true
+ }
+}
diff --git a/dependencies.md b/dependencies.md
index b08d42d..aad0ec5 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -8,98 +8,104 @@
| [Apache Parquet Hadoop][0] | [The Apache Software License, Version 2.0][1] |
| [snappy-java][2] | [Apache-2.0][3] |
| Apache Hadoop Client Aggregator | [Apache License, Version 2.0][4] |
-| [Scala Library][5] | [Apache-2.0][6] |
-| [error-reporting-java][7] | [MIT License][8] |
+| [Apache Avro][5] | [Apache-2.0][4] |
+| [Apache Commons Compress][6] | [Apache-2.0][4] |
+| [Scala Library][7] | [Apache-2.0][8] |
+| [error-reporting-java][9] | [MIT License][10] |
## Test Dependencies
-| Dependency | License |
-| ------------------------------- | ----------------------------------------- |
-| [JUnit Jupiter (Aggregator)][9] | [Eclipse Public License v2.0][10] |
-| [mockito-core][11] | [The MIT License][12] |
-| [mockito-junit-jupiter][11] | [The MIT License][12] |
-| [Hamcrest][13] | [BSD License 3][14] |
-| [scalatest][15] | [the Apache License, ASL Version 2.0][16] |
+| Dependency | License |
+| ------------------------------------------ | ----------------------------------------- |
+| [JUnit Jupiter (Aggregator)][11] | [Eclipse Public License v2.0][12] |
+| [mockito-core][13] | [MIT][14] |
+| [mockito-junit-jupiter][13] | [MIT][14] |
+| [Hamcrest][15] | [BSD License 3][16] |
+| [scalatest][17] | [the Apache License, ASL Version 2.0][18] |
+| [EqualsVerifier \| release normal jar][19] | [Apache License, Version 2.0][4] |
## Plugin Dependencies
| Dependency | License |
| ------------------------------------------------------- | --------------------------------------------- |
-| [SonarQube Scanner for Maven][17] | [GNU LGPL 3][18] |
-| [Apache Maven Compiler Plugin][19] | [Apache-2.0][4] |
-| [Apache Maven Enforcer Plugin][20] | [Apache-2.0][4] |
-| [Maven Flatten Plugin][21] | [Apache Software Licenese][4] |
-| [org.sonatype.ossindex.maven:ossindex-maven-plugin][22] | [ASL2][1] |
-| [Maven Surefire Plugin][23] | [Apache-2.0][4] |
-| [Versions Maven Plugin][24] | [Apache License, Version 2.0][4] |
-| [scala-maven-plugin][25] | [Public domain (Unlicense)][26] |
-| [ScalaTest Maven Plugin][27] | [the Apache License, ASL Version 2.0][16] |
-| [OpenFastTrace Maven Plugin][28] | [GNU General Public License v3.0][29] |
-| [Project keeper maven plugin][30] | [The MIT License][31] |
-| [duplicate-finder-maven-plugin Maven Mojo][32] | [Apache License 2.0][33] |
-| [Apache Maven Deploy Plugin][34] | [Apache-2.0][4] |
-| [Apache Maven GPG Plugin][35] | [Apache-2.0][4] |
-| [Apache Maven Source Plugin][36] | [Apache License, Version 2.0][4] |
-| [Apache Maven Javadoc Plugin][37] | [Apache-2.0][4] |
-| [Nexus Staging Maven Plugin][38] | [Eclipse Public License][39] |
-| [Maven Failsafe Plugin][40] | [Apache-2.0][4] |
-| [JaCoCo :: Maven Plugin][41] | [Eclipse Public License 2.0][42] |
-| [error-code-crawler-maven-plugin][43] | [MIT License][44] |
-| [Reproducible Build Maven Plugin][45] | [Apache 2.0][1] |
-| [Maven Clean Plugin][46] | [The Apache Software License, Version 2.0][1] |
-| [Maven Resources Plugin][47] | [The Apache Software License, Version 2.0][1] |
-| [Maven JAR Plugin][48] | [The Apache Software License, Version 2.0][1] |
-| [Maven Install Plugin][49] | [The Apache Software License, Version 2.0][1] |
-| [Maven Site Plugin 3][50] | [The Apache Software License, Version 2.0][1] |
+| [SonarQube Scanner for Maven][20] | [GNU LGPL 3][21] |
+| [Apache Maven Compiler Plugin][22] | [Apache-2.0][4] |
+| [Apache Maven Enforcer Plugin][23] | [Apache-2.0][4] |
+| [Maven Flatten Plugin][24] | [Apache Software Licenese][4] |
+| [org.sonatype.ossindex.maven:ossindex-maven-plugin][25] | [ASL2][1] |
+| [Maven Surefire Plugin][26] | [Apache-2.0][4] |
+| [Versions Maven Plugin][27] | [Apache License, Version 2.0][4] |
+| [scala-maven-plugin][28] | [Public domain (Unlicense)][29] |
+| [ScalaTest Maven Plugin][30] | [the Apache License, ASL Version 2.0][18] |
+| [OpenFastTrace Maven Plugin][31] | [GNU General Public License v3.0][32] |
+| [Project keeper maven plugin][33] | [The MIT License][34] |
+| [duplicate-finder-maven-plugin Maven Mojo][35] | [Apache License 2.0][36] |
+| [Apache Maven Deploy Plugin][37] | [Apache-2.0][4] |
+| [Apache Maven GPG Plugin][38] | [Apache-2.0][4] |
+| [Apache Maven Source Plugin][39] | [Apache License, Version 2.0][4] |
+| [Apache Maven Javadoc Plugin][40] | [Apache-2.0][4] |
+| [Nexus Staging Maven Plugin][41] | [Eclipse Public License][42] |
+| [Maven Failsafe Plugin][43] | [Apache-2.0][4] |
+| [JaCoCo :: Maven Plugin][44] | [Eclipse Public License 2.0][45] |
+| [error-code-crawler-maven-plugin][46] | [MIT License][47] |
+| [Reproducible Build Maven Plugin][48] | [Apache 2.0][1] |
+| [Maven Clean Plugin][49] | [The Apache Software License, Version 2.0][1] |
+| [Maven Resources Plugin][50] | [The Apache Software License, Version 2.0][1] |
+| [Maven JAR Plugin][51] | [The Apache Software License, Version 2.0][1] |
+| [Maven Install Plugin][52] | [The Apache Software License, Version 2.0][1] |
+| [Maven Site Plugin 3][53] | [The Apache Software License, Version 2.0][1] |
[0]: https://parquet.apache.org
[1]: http://www.apache.org/licenses/LICENSE-2.0.txt
[2]: https://github.com/xerial/snappy-java
[3]: https://www.apache.org/licenses/LICENSE-2.0.html
[4]: https://www.apache.org/licenses/LICENSE-2.0.txt
-[5]: https://www.scala-lang.org/
-[6]: https://www.apache.org/licenses/LICENSE-2.0
-[7]: https://github.com/exasol/error-reporting-java/
-[8]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE
-[9]: https://junit.org/junit5/
-[10]: https://www.eclipse.org/legal/epl-v20.html
-[11]: https://github.com/mockito/mockito
-[12]: https://github.com/mockito/mockito/blob/main/LICENSE
-[13]: http://hamcrest.org/JavaHamcrest/
-[14]: http://opensource.org/licenses/BSD-3-Clause
-[15]: http://www.scalatest.org
-[16]: http://www.apache.org/licenses/LICENSE-2.0
-[17]: http://sonarsource.github.io/sonar-scanner-maven/
-[18]: http://www.gnu.org/licenses/lgpl.txt
-[19]: https://maven.apache.org/plugins/maven-compiler-plugin/
-[20]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
-[21]: https://www.mojohaus.org/flatten-maven-plugin/
-[22]: https://sonatype.github.io/ossindex-maven/maven-plugin/
-[23]: https://maven.apache.org/surefire/maven-surefire-plugin/
-[24]: https://www.mojohaus.org/versions/versions-maven-plugin/
-[25]: http://github.com/davidB/scala-maven-plugin
-[26]: http://unlicense.org/
-[27]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
-[28]: https://github.com/itsallcode/openfasttrace-maven-plugin
-[29]: https://www.gnu.org/licenses/gpl-3.0.html
-[30]: https://github.com/exasol/project-keeper/
-[31]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[32]: https://basepom.github.io/duplicate-finder-maven-plugin
-[33]: http://www.apache.org/licenses/LICENSE-2.0.html
-[34]: https://maven.apache.org/plugins/maven-deploy-plugin/
-[35]: https://maven.apache.org/plugins/maven-gpg-plugin/
-[36]: https://maven.apache.org/plugins/maven-source-plugin/
-[37]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[38]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[39]: http://www.eclipse.org/legal/epl-v10.html
-[40]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[41]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[42]: https://www.eclipse.org/legal/epl-2.0/
-[43]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[44]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[45]: http://zlika.github.io/reproducible-build-maven-plugin
-[46]: http://maven.apache.org/plugins/maven-clean-plugin/
-[47]: http://maven.apache.org/plugins/maven-resources-plugin/
-[48]: http://maven.apache.org/plugins/maven-jar-plugin/
-[49]: http://maven.apache.org/plugins/maven-install-plugin/
-[50]: http://maven.apache.org/plugins/maven-site-plugin/
+[5]: https://avro.apache.org
+[6]: https://commons.apache.org/proper/commons-compress/
+[7]: https://www.scala-lang.org/
+[8]: https://www.apache.org/licenses/LICENSE-2.0
+[9]: https://github.com/exasol/error-reporting-java/
+[10]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE
+[11]: https://junit.org/junit5/
+[12]: https://www.eclipse.org/legal/epl-v20.html
+[13]: https://github.com/mockito/mockito
+[14]: https://github.com/mockito/mockito/blob/main/LICENSE
+[15]: http://hamcrest.org/JavaHamcrest/
+[16]: http://opensource.org/licenses/BSD-3-Clause
+[17]: http://www.scalatest.org
+[18]: http://www.apache.org/licenses/LICENSE-2.0
+[19]: https://www.jqno.nl/equalsverifier
+[20]: http://sonarsource.github.io/sonar-scanner-maven/
+[21]: http://www.gnu.org/licenses/lgpl.txt
+[22]: https://maven.apache.org/plugins/maven-compiler-plugin/
+[23]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
+[24]: https://www.mojohaus.org/flatten-maven-plugin/
+[25]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[26]: https://maven.apache.org/surefire/maven-surefire-plugin/
+[27]: https://www.mojohaus.org/versions/versions-maven-plugin/
+[28]: http://github.com/davidB/scala-maven-plugin
+[29]: http://unlicense.org/
+[30]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
+[31]: https://github.com/itsallcode/openfasttrace-maven-plugin
+[32]: https://www.gnu.org/licenses/gpl-3.0.html
+[33]: https://github.com/exasol/project-keeper/
+[34]: https://github.com/exasol/project-keeper/blob/main/LICENSE
+[35]: https://basepom.github.io/duplicate-finder-maven-plugin
+[36]: http://www.apache.org/licenses/LICENSE-2.0.html
+[37]: https://maven.apache.org/plugins/maven-deploy-plugin/
+[38]: https://maven.apache.org/plugins/maven-gpg-plugin/
+[39]: https://maven.apache.org/plugins/maven-source-plugin/
+[40]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[41]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
+[42]: http://www.eclipse.org/legal/epl-v10.html
+[43]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[44]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[45]: https://www.eclipse.org/legal/epl-2.0/
+[46]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[47]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[48]: http://zlika.github.io/reproducible-build-maven-plugin
+[49]: http://maven.apache.org/plugins/maven-clean-plugin/
+[50]: http://maven.apache.org/plugins/maven-resources-plugin/
+[51]: http://maven.apache.org/plugins/maven-jar-plugin/
+[52]: http://maven.apache.org/plugins/maven-install-plugin/
+[53]: http://maven.apache.org/plugins/maven-site-plugin/
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 866d8f8..e00dc9f 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [2.0.6](changes_2.0.6.md)
* [2.0.5](changes_2.0.5.md)
* [2.0.4](changes_2.0.4.md)
* [2.0.3](changes_2.0.3.md)
diff --git a/doc/changes/changes_2.0.6.md b/doc/changes/changes_2.0.6.md
new file mode 100644
index 0000000..d904a57
--- /dev/null
+++ b/doc/changes/changes_2.0.6.md
@@ -0,0 +1,27 @@
+# Parquet for Java 2.0.6, released 2023-10-24
+
+Code name: Fix CVE-2023-39410 and CVE-2023-42503
+
+## Summary
+
+This release fixes the following vulnerabilities:
+
+* CVE-2023-39410 in compile dependency `org.apache.avro:avro`
+* CVE-2023-42503 in compile dependency `org.apache.commons:commons-compress`
+
+## Security
+
+* #64: Fixed CVE-2023-39410 in `org.apache.avro:avro`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Added `org.apache.avro:avro:1.11.3`
+* Added `org.apache.commons:commons-compress:1.24.0`
+
+### Test Dependency Updates
+
+* Added `nl.jqno.equalsverifier:equalsverifier:3.15.2`
+* Updated `org.mockito:mockito-core:5.5.0` to `5.6.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.5.0` to `5.6.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index f9003dd..ff29f62 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
parquet-io-java-generated-parent
- 2.0.5
+ 2.0.6
pom
UTF-8
diff --git a/pom.xml b/pom.xml
index a7ddb7a..a6f50a7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,20 +3,20 @@
4.0.0
com.exasol
parquet-io-java
- 2.0.5
+ 2.0.6
Parquet for Java
This project provides a library that reads Parquet files into Java objects.
https://github.com/exasol/parquet-io-java/
parquet-io-java-generated-parent
com.exasol
- 2.0.5
+ 2.0.6
pk_generated_parent.pom
2.13.12
2.13
- 5.5.0
+ 5.6.0
@@ -103,6 +103,18 @@
+
+
+ org.apache.avro
+ avro
+ 1.11.3
+
+
+
+ org.apache.commons
+ commons-compress
+ 1.24.0
+
org.scala-lang
scala-library
@@ -144,6 +156,12 @@
3.3.0-SNAP4
test
+
+ nl.jqno.equalsverifier
+ equalsverifier
+ 3.15.2
+ test
+
diff --git a/src/main/java/com/exasol/parquetio/data/ChunkIntervalImpl.java b/src/main/java/com/exasol/parquetio/data/ChunkIntervalImpl.java
index bfb65a9..410ffc0 100644
--- a/src/main/java/com/exasol/parquetio/data/ChunkIntervalImpl.java
+++ b/src/main/java/com/exasol/parquetio/data/ChunkIntervalImpl.java
@@ -5,7 +5,7 @@
/**
* An implementation of {@link ChunkInterval} that holds {@code start} and {@code end} position of row group chunks.
*/
-public class ChunkIntervalImpl implements ChunkInterval {
+public final class ChunkIntervalImpl implements ChunkInterval {
private final long start;
private final long end;
diff --git a/src/test/java/com/exasol/parquetio/data/ChunkIntervalImplTest.java b/src/test/java/com/exasol/parquetio/data/ChunkIntervalImplTest.java
new file mode 100644
index 0000000..07109b1
--- /dev/null
+++ b/src/test/java/com/exasol/parquetio/data/ChunkIntervalImplTest.java
@@ -0,0 +1,12 @@
+package com.exasol.parquetio.data;
+
+import org.junit.jupiter.api.Test;
+
+import nl.jqno.equalsverifier.EqualsVerifier;
+
+class ChunkIntervalImplTest {
+ @Test
+ void verifyEqualsContract() {
+ EqualsVerifier.forClass(ChunkIntervalImpl.class).verify();
+ }
+}